In some instances you might have a significant number and for whatever reason the permissions may have been altered, and the Group Policy defaults don’t quite suit your requirements. Or maybe you’re transfering these files to a new server, in a different domain. I can’t image you want to do the whole thing by hand.

In days of old we’d sort this with a batch script and it would be ok, but might take a while to run. Powershell has changed things though. The script we’ve popped together (below) runs lightning quick in comparison, and we thought someone else might also find it useful.

Just save it in a ps1 file, and invoke it from powershell, providing your directory path that you want to “fix”.

To use our example from above, you’d call the script on FILESERVER, from powershell:

PS C:\Users\Karl> C:\path\to\scripts\fix-perms.ps1 “D:\Data\Users”

The script would then go over each directory and try and add that user to the ACL with Modify rights – i.e. the JcMcMuffin user to the D:\Data\Users\JMcMuffin directory.

In our scenario we required ourselves, another group, SYSTEM and each user to have access only – So we pushed the common permissions from the parent, and then ran the script to add the individual users.

# Fix-Perms
# Iterates over all child directories, and adds the user, with the same name as the directory, to the ACL with modify rights
# Usage:
# Fix-Perms “C:\Path\To\Directory”
# Or, for the current directory
# Fix-Perms “.”

# our parameters, throw a warning if we get none
param (
[string] $dirpath = $(throw “Please specify the full path to the directory!”)
)

# get list of all child directories, in the current directory
$directories = dir $dirpath | where {$_.PsIsContainer}

# iterate over the directories
foreach ($dir in $directories)
{
# echo out what the full directory is that we’re working on now
write-host Working on $dir.fullname using $dir.name

# setup the inheritance and propagation as we want it
$inheritance = [system.security.accesscontrol.InheritanceFlags]“ContainerInherit, ObjectInherit”
$propagation = [system.security.accesscontrol.PropagationFlags]“None”

# get the existing ACLs for the directory
$acl = get-acl $dir.fullname

# add our user (with the same name as the directory) to have modify perms
$aclrule = new-object System.Security.AccessControl.FileSystemAccessRule($dir.name, “Modify”, $inheritance, $propagation, “Allow”)

# check if given user is Valid, this will barf if not
$sid = $aclrule.IdentityReference.Translate([System.Security.Principal.securityidentifier])

# add the ACL to the ACL rules
$acl.AddAccessRule($aclrule)

# set the acls
set-acl -aclobject $acl -path $dir.fullname
}